Microsoft Azure/Entra SSO + AWS EKS + Oauth2-Proxy with Kubernetes-Dashboard

My goal was to deploy the Kubernetes Dashboard in a managed Kubernetes cluster with AWS EKS. The dashboard is secured via single sign-on with Microsoft Entra in combination with the OAuth2 Proxy and the NGINX Ingress controller. In the following I will show these steps:
- Microsoft Entra OAuth2 application with Terraform
- OAuth2 Proxy setup with Microsoft Entra
- Kubernetes Dashboard configured with an authorization header for authenticating users
- AWS EKS with Entra as OIDC provider, because the Kubernetes Dashboard uses the Kubernetes API for authorization
- Troubleshooting Microsoft Entra OAuth 2....

March 24, 2024

AWS ACM - Expiration alarm with terraform

AWS Certificate Manager - Reminder for expiring certificates
Sometimes you are in the situation where you have to import certificates manually into ACM, so it is important to renew the certificate before it expires. This article describes how to set up, in Terraform, an email notification about expiring certificates that is triggered multiple times before expiration so you can renew them in time. By default, AWS sends the first expiration event to Amazon EventBridge 45 days before the expiration....

March 27, 2023

Route53 - Health Checks and Alarms with Terraform

Route53 health checks
Although we already have monitoring with Prometheus in our Kubernetes cluster, we want to additionally monitor our customer systems from outside. This means that, in contrast to Prometheus monitoring, the additional components that route traffic into our Kubernetes cluster will be checked as well. In our AWS environment, these additional components will be checked:
- Route53
- the Application Load Balancer
- the corresponding certificates at the Load Balancer
- Target Groups
- Ingress Controller in the cluster....

February 10, 2023

Monitoring: Alertmanager Deadmanswatch

This post describes the setup of a dead man’s switch for Prometheus / Alertmanager in a Kubernetes cluster. A primary goal of the monitoring and alerting system is to generate alerts as soon as possible when problems occur, so administrators can react promptly and the impact on users can be limited. But what happens if the monitoring system itself is impaired? In case of an outage of the Kubernetes cluster where Prometheus is installed, it is highly probable that no alerts are generated....

January 10, 2023

EKS - Load Balancer Health Checks

Loadbalancer health checks in EKS
Today's post is about setting up load balancer health checks for a Kubernetes cluster (EKS) within AWS. The setup consists of an Application Load Balancer, an Auto Scaling group and a target group which contains the Kubernetes worker nodes. The diagram shows an overview of the setup we aim for:

    flowchart TB
        ALB[Load Balancer]--Redirects traffic to-->ide1
        asg[Autoscaling]--Considers ALB Health-Checks-->ALB
        subgraph ide1 [Target-Group]
            hs[Health-Check]--Port-30003-->n1
            hs[Health-Check]--Port-30003-->n2
            n1[EKS-Node-1]-->POD-echo-server-1
            n2[EKS-Node-2]-->POD-echo-server-2
        end

The health checks configured in the target group did not work with the default configuration and reported unhealthy....

December 13, 2022

Alertmanager routing with AlertmanagerConfig

Prometheus - Alertmanager routing with AlertmanagerConfig
This post will describe the routing for Alertmanager with the declarative AlertmanagerConfig resource provided by the Prometheus Operator in Kubernetes.
Scenario
Our alerts in the Kubernetes cluster are forwarded to Mattermost via the Alertmanager. This is the scenario I will cover in the post:
- All alerts go to a main Mattermost channel (aws-alerts)
- Each customer deployment is in a separate Kubernetes namespace
- Each customer can have multiple modules, represented by a Kubernetes deployment for each module....

November 15, 2022